2010 – It’s Time for Security Resolutions Not Predictions…

November and December usually signal the onslaught of security predictions for the coming year. They’re usually focused on the negative.

I’ve done these a couple of times and while I find the mental exercise interesting, it really doesn’t result in anything, well, actionable.

So, this year I’m going to state what I am *going* to do rather than what I think others *might.* I’ve spent the last couple of years talking about the challenges, now it’s time to focus on the solutions.

It’s quite simple. I resolve to:

Continue my efforts to make the Cloud Security Alliance work products more useful and impactful, focusing on solutions to the challenges we have with Cloud Security

Push the agenda for transparency in Cloud providers with the A6 API working group

Deliver even more interesting and thought-provoking presentations focused on virtualization and Cloud security

Take our local security scene up a notch: focus on making BeanSec more than just a social event and make it the epicenter for security knowledge sharing in the greater Boston area

Spend more time at local events such as ISACA and OWASP and support regional “non-cons”; many folks don’t get to go to the big shows

Blog more and push the envelope on things I know need to improve. Also publish the podcast and vlogs on a regular basis

Reach out beyond the U.S. and share more/learn more with folks from other countries/backgrounds

Dig my heels in and participate more actively in the standards bodies and organizations that I lurk in (PCI vSig, DMTF, etc.)

Focus on making my contacts into more of a community; I have the most awesome circle of friends and acquaintances and it’s time to put them to use